Love Letter's Fallout Continues

SAN FRANCISCO (05/08/2000) - As PC users around the world struggle to clean up hard drives and networks, "I Love You" virus variants still lurk. How do you protect yourself from malicious mail that leaves its mark?

It's an old but true answer: Diligently update the virus definitions in your antivirus software, and stay wary of attachments to e-mail, antivirus vendors advise.

Still Fighting Variants

The Scan and Deliver service from Symantec welcomes submissions of suspicious files. The antivirus research center will check them for variants of the original VBS.LoveLetter.A.Virus, says Patrick Martin, product manager.

So far, most variants to the Love Letter bug involve simple changes to the subject line or spaces in the code, Martin says. "If they change enough of the Visual Basic script, you could look at it as a new worm."

To fight ongoing variants, Symantec's software checks for certain code that stays consistent in the worm's script, Martin says.

To be safe, Martin suggests you delete attachments with .vbs extensions and be cautious of those with one of the other five extensions in Windows scripting host: JS, JSE, VBE, WSF, and WSH. You can download the latest data definitions through Norton Antivirus LiveUpdate.

Update-Seekers Clog Sites

Logging on to update your definitions is sound advice, but not always easy.

Antivirus vendors Symantec, Network Associates, Computer Associates, and others posted updates to detect the Love Letter bug. But getting through was a challenge. Symantec reports nearly 16 times the normal traffic to its LiveUpdate servers during the Love Bug's height of exposure.

You can also find the Norton update at and And other sites, including PC, have posted several detection programs.

Network Associates has measured more than 1 million corporate downloads of its McAfee VirusScan since the Love Letter started circulating, says Gene Hodges, president and chief operating officer of Network Associates' McAfee division.

The virus-fighters aren't the only ones with clogged networks. The Love Letter bug shares its payload by infiltrating your Outlook address book and sending out more Love Letters. Consequently, victim companies find their e-mail servers clogged.

"A lot of sites have not yet completely recovered, and their e-mail gateways are still down," says Jeffrey Carpenter, senior Internet security technologist at the Computer Emergency Response Team (CERT) speaking Friday morning at Carnegie Mellon University. "They had so much mail to go through. Some places have had to reinstall the operating system because the resources spent recovering would have been more than rebuilding the machine."

The cost of recovery is running into tens of thousands of dollars at some locations, Carpenter adds. In some cases, damage is difficult to measure. One organization reports losing 40GB of JPEG files, Carpenter says.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Carnegie Mellon University AustraliaCA TechnologiesCERT AustraliaComputer Emergency Response TeamMcAfee AustraliaMellonSymantec

Show Comments